ci: use aws s3 client that invalidates cloudfront cache for places that modify Constellation api (#1839)

2025-09-20 21:14:37 -04:00 · 2023-06-02 11:20:01 +02:00 · 2023-06-02 11:20:01 +02:00 · e1d3afe8d4
commit e1d3afe8d4
parent 93569ff54c
29 changed files with 398 additions and 186 deletions
--- a/internal/osimage/archive/archive.go
+++ b/internal/osimage/archive/archive.go
@ -12,18 +12,19 @@ import (
 	"io"
 	"net/url"

-	awsconfig "github.com/aws/aws-sdk-go-v2/config"
 	s3manager "github.com/aws/aws-sdk-go-v2/feature/s3/manager"
 	"github.com/aws/aws-sdk-go-v2/service/s3"
 	s3types "github.com/aws/aws-sdk-go-v2/service/s3/types"
 	versionsapi "github.com/edgelesssys/constellation/v2/internal/api/versions"
 	"github.com/edgelesssys/constellation/v2/internal/constants"
 	"github.com/edgelesssys/constellation/v2/internal/logger"
+	"github.com/edgelesssys/constellation/v2/internal/staticupload"
 )

 // Archivist uploads OS images to S3.
 type Archivist struct {
-	uploadClient uploadClient
+	uploadClient      uploadClient
+	uploadClientClose func(ctx context.Context) error
 	// bucket is the name of the S3 bucket to use.
 	bucket string

@ -31,19 +32,37 @@ type Archivist struct {
 }

 // New creates a new Archivist.
-func New(ctx context.Context, region, bucket string, log *logger.Logger) (*Archivist, error) {
-	cfg, err := awsconfig.LoadDefaultConfig(ctx, awsconfig.WithRegion(region))
+func New(ctx context.Context, region, bucket, distributionID string, log *logger.Logger) (*Archivist, CloseFunc, error) {
+	staticUploadClient, staticUploadClientClose, err := staticupload.New(ctx, staticupload.Config{
+		Region:                    region,
+		Bucket:                    bucket,
+		DistributionID:            distributionID,
+		CacheInvalidationStrategy: staticupload.CacheInvalidateBatchOnFlush,
+	})
 	if err != nil {
-		return nil, err
+		return nil, nil, err
 	}
-	s3client := s3.NewFromConfig(cfg)
-	uploadClient := s3manager.NewUploader(s3client)

-	return &Archivist{
-		uploadClient: uploadClient,
-		bucket:       bucket,
-		log:          log,
-	}, nil
+	archivist := &Archivist{
+		uploadClient:      staticUploadClient,
+		uploadClientClose: staticUploadClientClose,
+		bucket:            bucket,
+		log:               log,
+	}
+	archivistClose := func(ctx context.Context) error {
+		return archivist.Close(ctx)
+	}
+
+	return archivist, archivistClose, nil
+}
+
+// Close closes the uploader.
+// It invalidates the CDN cache for all uploaded files.
+func (a *Archivist) Close(ctx context.Context) error {
+	if a.uploadClientClose == nil {
+		return nil
+	}
+	return a.uploadClientClose(ctx)
 }

 // Archive reads the OS image in img and uploads it as key.
@ -65,3 +84,6 @@ func (a *Archivist) Archive(ctx context.Context, version versionsapi.Version, cs
 type uploadClient interface {
 	Upload(ctx context.Context, input *s3.PutObjectInput, opts ...func(*s3manager.Uploader)) (*s3manager.UploadOutput, error)
 }
+
+// CloseFunc is a function that closes the client.
+type CloseFunc func(ctx context.Context) error